Special Requirements for Electronic Medical Records in ... - HealthIT.gov

57 downloads 1851 Views 403KB Size Report
Keywords: Adolescent; Electronic medical records; Confidentiality; Health services research ... and process design considerations needed to protect the confidentiality of ... now contain the personal health information (PHI) of millions of.
Journal of Adolescent Health 51 (2012) 409 – 414

www.jahonline.org Commentary

Special Requirements for Electronic Medical Records in Adolescent Medicine Arash Anoshiravani, M.D., M.P.H.a, Gregory L. Gaskin,b, Mark R. Groshek, M.D.c, Cynthia Kuelbs, M.D.d, and Christopher A. Longhurst, M.D., MS.e a

Department of Pediatrics, Stanford University, Stanford, California; Department of Clinical Informatics, Lucile Packard Children’s Hospital, Palo Alto, California; Santa Clara County Juvenile Custody Institutions, Santa Clara Valley Medical Center, San Jose, California b Department of Clinical Informatics, Lucile Packard Children’s Hospital, Palo Alto, California c Department of Pediatrics and Health Connections Department, Kaiser Permanente, Denver, Colorado d Department of Information Technology, Rady Children’s Hospital, San Diego, California; Department of Pediatrics, University of California, San Diego, California e Department of Pediatrics, Stanford University, Stanford, California; Department of Clinical Informatics, Lucile Packard Children’s Hospital, Palo Alto, California

Keywords: Adolescent; Electronic medical records; Confidentiality; Health services research

A B S T R A C T

Adolescents are a group likely to seek and, perhaps, most likely to benefit from electronic access to health information. Despite significant advances in technical capabilities over the past decade, to date neither electronic medical record vendors nor many health care systems have adequately addressed the functionality and process design considerations needed to protect the confidentiality of adolescent patients in an electronic world. We propose a shared responsibility for creating the necessary tools and processes to maintain the adolescent confidentiality required by most states: (1) system vendors must provide key functionality in their products (adolescent privacy default settings, customizable privacy controls, proxy access, and health information exchange compatibility), and (2) health care institutions must systematically address relevant adolescent confidentiality policies and process design issues. We highlight the unique technical and process considerations relevant to this patient population, as well as the collaborative multistakeholder work required for adolescent patients to experience the potential benefits of both electronic medical records and participatory health information technology. 䉷 2012 Society for Adolescent Health and Medicine. All rights reserved.

Federal incentives have accelerated the shift from paper to electronic health records, and electronic medical records (EMRs) now contain the personal health information (PHI) of millions of adolescent patients in the United States [1–3]. Despite significant advances in technical capabilities over the past decade, many commercial EMR vendors have not yet adequately addressed the concerns and confidentiality requirements inherent to providing quality health care for adolescents [4 – 6]. Differing state laws defining the types of health care services (typically reproductive health and mental health related) and minimum ages at which adolescents may independently seek those “confidential” services contribute to the complexity [7–9]. Ironically, adolescents of this generation are a group likely to seek and, arguably, most likely to benefit from secure electronic access to their own confidential and nonconfidential health information [10]. Previous reports have outlined some of the issues unique to EMRs in pediatric and obstetric populations; however, none have comprehensively addressed both the technical and process complexities inherent in adolescent health care [2,11,12]. Even when

EMR vendor software can be customized to address adolescent privacy, this important issue requires solutions that individual clinics, hospitals, and states should not have to deal with on a case-by-case basis. We attempt to systematically address both the technical and process considerations relevant to using EMRs in the inpatient and ambulatory care of adolescents, with the explicit goal of allowing adolescent patients to begin experiencing the potential benefits of participatory health information technology [1,13–15]. Patient Experience Even in the least complicated adolescent health visits, privacy and confidentiality concerns related to EMRs can be significant and difficult to anticipate. In fact, a typical adolescent patient engaging the health care system can experience confidentiality issues at virtually every step of the process. In the ambulatory setting, even the most straightforward situations present risks of inadvertent exposure of an adolescent

1054-139X/$ - see front matter 䉷 2012 Society for Adolescent Health and Medicine. All rights reserved. http://dx.doi.org/10.1016/j.jadohealth.2012.08.003

410

A. Anoshiravani et al. / Journal of Adolescent Health 51 (2012) 409 – 414

patient’s confidential information, including (1) calling a clinic to make an appointment (and providing a reason for the visit); (2) potential posting of e-mail, text, or patient portal confirmations of the appointment (to which parents may have direct access); (3) reviewing and reconciling medications, problem lists, or health-related behaviors (such as smoking status, as required by meaningful use) with a clinician during the actual visit (during which the parent might see or hear about sensitive medications or diagnoses); (4) receiving and filling of new medication prescriptions (especially when a medication can be used for both confidential or nonconfidential problems); (5) releasing sensitive laboratory results through electronic means (if parents have online access to such results); and (6) automated posting of bills and after-visit summaries (AVS) either by mail or to patient portal accounts. Inpatient hospitalizations and emergency department visits, with more acute, severe, and complicated health issues, can be even more problematic. Confidentiality may be breached on admission, as problem lists and medications are reviewed; at discharge, with information on the AVS; and after discharge, with release of information (ROI). Revealing information such as admission diagnosis, medication reconciliation, laboratory results, diagnostic studies, and procedures through the EMR can compromise confidentiality, especially for patients admitted with complications of substance abuse, mental health concerns, or reproductive health issues. In all these cases, although the input of caring involved adults may prove critically important to eventual outcomes, ROI on inpatient and emergency department visits must contain safeguards to ensure that adolescent confidentiality is maintained when records are released to parents. Key EMR Functionality Although commercial EMR vendors have improved functionality dramatically throughout the past decade, critical capabilities related to privacy and confidentiality in the care of adolescent patients are still either missing or haphazardly implemented. Protecting adolescents’ privacy in the health care setting is supported by evidence of best practice, as well as required by law in most U.S. states [5,16,17]. Vendors must partner with clinicians and health care systems to identify and incorporate into EMRs the technical capabilities necessary to appropriately care for adolescent patients. Such functionality should include (1) default privacy settings for most adolescents, (2) customizable privacy controls for those health care systems, patients, and clinicians (at the point of care) whose needs differ from the defaults, and (3) proxy access capabilities that allow for differential access to available PHI when necessary (Table 1).

Table 1 EMR vendor action items Adolescent privacy default settings Granular customizable privacy controls Point-of-care privacy controls for clinicians Clear on-screen labeling of confidential data elements Built-in adolescent privacy-related decision-support tools Robust, patient-adjustable proxy access capabilities for patient portals After-visit summary, bill, and post-visit survey suppression capabilities Joint development of adolescent privacy standards for health information exchange, e-prescribing, and billing with the ONC and public/private payers EMR ⫽ electronic medical records; ONC ⫽ The Office of the National Coordinator for Health Information Technology.

Furthermore, all these technical functionalities must be retained even when data are electronically transferred through health information exchange (HIE) [18]. Default privacy settings for adolescents In caring for adolescents in the acute care or ambulatory setting, the ability to designate medications, laboratory results, diagnoses, problem list elements, or even entire visits as “sensitive” or “confidential” can be critical for patient confidence and safety. Without the functionality to define and virtually separate sensitive and nonsensitive information, providers and health care systems run the risk of inadvertently sharing confidential PHI, particularly as more clinical information becomes accessible through online patient portals [19,20]. Even unintentional sharing with the patient’s parents, guardians, or others with whom the patient prefers not to share (or to whom the law prevents unauthorized release) can have serious clinical, ethical, and legal consequences [16,21]. Unfortunately, current commercial EMR systems vary greatly in their ability to designate specific health data elements as confidential. Special adolescent medicine privacy default settings offered by vendors in EMRs could provide a solid foundation on which individual health care systems might build. Such predefined settings could decrease the need for vendors and providers to continually tackle these issues on a case-by-case basis with each new implementation. The result would be decreased confusion, uncertainty, and implementation time and cost. Although laws do vary from state to state, most are similar in spirit and intent, especially when mental and reproductive health care are concerned. By providing a prebuilt set of default “adolescent confidentiality menus” within the configuration settings, EMR vendors could significantly reduce the complexities health systems— especially smaller clinics and hospitals that do not have adolescent medicine specialists—face in caring for teenagers. The goal must be to allow all authorized providers actively caring for the patient to access all data in the adolescent patient’s medical record, while making confidential PHI “invisible” for parents, guardians, and other nonclinicians, as outlined by specific state laws and best practice. Customizable privacy controls At the same time, default settings must be changeable when it makes sense from both a legal and clinical standpoint. Customizable default settings would ensure that clinical practices with different needs will be able to provide the best and most appropriate care for their patients. For example, primary care adolescent medicine practices may choose to allow parents to see primary care-related AVS and immunization records, while suppressing access to specific sensitive laboratory results, diagnoses, problems, medications, or history sections (e.g., pregnancy tests, sexually transmitted infection results or treatments, and Home, Education, Activities, Drugs, Sex, Suicide [HEADSS] assessments). Practices and hospital services that care primarily for adolescents with special care needs or severe chronic conditions may need parents to be more directly involved in certain aspects of their child’s care, and parents may even be legally granted full access to the PHI of patients deemed incompetent for medical reasons. In cases of severe or fatal conditions, parents may prefer to suppress certain diagnoses or problem list elements from their child until appropriate family discussions can occur either in the

A. Anoshiravani et al. / Journal of Adolescent Health 51 (2012) 409 – 414

home or hospital setting. EMRs should have the flexibility to allow for these kinds of custom access as dictated by the health care team. In addition, the capability for individual practitioners (during a visit or post hoc) and patients themselves (during a visit or later through a patient portal) to designate specific health information as sensitive or not is another critical component to the appropriate use of EMRs in adolescent health care. It is not sufficient for an EMR to consistently classify and virtually separate sensitive information without patient context because a medicine or laboratory result that is confidential in some clinical situations (e.g., acyclovir for HSV2 infection or oral contraceptive pills for birth control) may not be in others (e.g., acyclovir for varicella infection or oral contraceptive pills to treat acne). Clinicians should be able to assign specific elements of an adolescent patient’s EMR as confidential at the point of care— even if the institutional or clinic or service line defaults typically consider them nonsensitive. Subsequent changes or removal of confidentiality restrictions by the trusted clinician at patient request should also be technically possible within the EMR. Similarly, adolescent patients should have some reasonable personal control over the private health information they share, and with whom. An adolescent patient who decides she is willing to share her pregnancy test results (considered “confidential” by the hospital’s EMR default settings in most states) with a parent should be able to electronically “turn off” the confidentiality setting that would normally suppress her parent’s electronic and paper-based access to that information. The opposite scenario— such as an appointment scheduled as a nonconfidential “acne recheck” that turns out to be about depression and substance abuse—should be allowable as well, where consistent with state law. Vulnerable populations, such as undocumented, lesbian, gay, bisexual, and transgender, juvenile justice-involved, or selfsufficient/emancipated youth, may require other privacy protections and access rights, some of which may be best elucidated with input from those youths themselves [22]. Finally, in a scenario that is not infrequent, even among adolescents with confidential issues, a young patient who prefers to defer to his/her parents for scheduling appointments or following up on lab results should have the option to allow broader parental access. However, in such cases, health care systems must develop policies and practices that allow adolescent patients to make that choice in a noncoercive manner and in a private setting. In short, EMRs should enable health care providers to comply with relevant state laws, as well as clinical best practices, while also providing the flexibility to best address the clinical needs of adolescent patients. Robust proxy access As meaningful use criteria push health systems to increase patient access to PHI [3], adolescents should not have to sacrifice privacy for electronic access, and robust proxy access capabilities for parents and guardians with patient-customizable privacy controls should become standard for commercial EMRs. We expect that most such patient–EMR interaction might occur through online patient portals accessed through either personal computers or, increasingly likely, Internet-enabled mobile devices; however, similar consideration must also be given to paper-based ROI. Ideally, capable adolescents aged 12–17 years should have sole access to their sensitive health information, including labo-

411

ratory results, medications, appointments, diagnoses, and AVS related to reproductive and mental health concerns, unless they specifically choose otherwise. Parents and guardians can access all other elements of the medical record, unless the EMR system’s default settings, a clinician, or the patient—as allowable by state laws— has designated something as confidential. Once an adolescent reaches the age of majority (typically age 18 years), control over and access to all PHI revert to him; however, the ability to authorize proxy access for adults such as parents, guardians, partners, and so forth will likely remain an important system function for some adolescent patients. Health information exchange The ability of the EMR to retain and pass along the aforementioned functionalities even when the data are transferred through HIE will be critical to the appropriate care of adolescents’ privacy in this age of increased connectivity. Confidential information must remain confidential even when it is passed from one health care system to another. A standardized vocabulary for delineating confidential information must be developed, and HIE standards must take into account confidential metadata. Patient billing and e-prescribing, in particular, represent critical areas in which no confidential tagging or widely accepted mechanisms exist currently and for which the risk of violating confidentiality across systems is particularly high. EMR developers, federal policy makers, and payers must begin the important foundational work required so that adolescents moving between and interacting with different health care-related institutions do not experience inadvertent privacy breeches. Some health care systems may decide to emulate those who have set aside special funds for providing confidential adolescent services without ever billing an insurance company, and others may find different creative solutions that comply with local laws. However, until such time that these mechanisms and controls emerge, adolescent health care providers should proceed with caution in HIE participation to ensure that confidential data remain confidential. Practical Tips for Health Care Providers Implementing and Optimizing an EMR Concerns about EMRs in adolescent health care are not exclusively technical, and the entire burden of shaping EMRs to best address the health needs of adolescents cannot rest solely on EMR vendors. The process of implementing an EMR into a health care setting is a sociotechnical process, requiring not only a functional technology but also a deep consideration of the health care system’s existing organization, processes, and culture. With well-defined policies and procedures related to adolescent confidentiality, mapping to functionalities in compliant EMRs should eventually prove relatively straightforward. However, our experience suggests that many, if not most, health care systems will find current processes and practices in the paper-based world inadequate for ensuring adolescent confidentiality. Planning and design Initially, all relevant stakeholders must agree that providing excellent confidential adolescent health care is an imper-

412

A. Anoshiravani et al. / Journal of Adolescent Health 51 (2012) 409 – 414

Table 2 Institutional process considerations for EMR use in adolescent medicine Patient experience

Institutional process considerations

1) Appointment scheduling, clinic or hospital registration /check-in

Train scheduling, registration, and support staff in: X Adolescent confidentiality laws and policies X Exercising caution in discussing reason(s) for visit in presence of parents or in public Train clinical staff in: X Medication reconciliation procedures both with and without parents present X Marking confidential information appropriately in the EMR, where technically possible X Recognizing how confidential information is tagged with the EMR Train all support staff in: X Not discussing any EMR entries flagged as confidential in the presence of parents Train clinical support staff in: X Not discussing in the presence of parents those patient medications and lab results flagged as sensitive Train coding, billing and financial staff in: X Confidential services and personal health information that should not be discussed with parents X Acceptable coding and billing procedures for specific confidential services for adolescents Train scheduling, quality improvement, marketing, and patient experience staff in: X Not sending appointment reminders and follow-up surveys (mail or phone) to parents for adolescent confidential visits Train medical records and health information staff in: X Confidentiality rights of adolescent patients X Release of information best practices and policies related to adolescent patient visits

2) Clinic visit /hospital intake

3) Follow-up, billing & financial

4) Release of information/ health information exchange

ative foundational issue. Whereas this may seem obvious to those who care for adolescents in inpatient and ambulatory settings, too often those outside of pediatric specialties consider the needs of adolescents as a niche issue. Ultimately, to adequately address privacy concerns in adolescent health care, all institutional stakeholders and decision makers must both understand and support efforts to minimize the risk of violating adolescent patient confidentiality. Relevant stakeholders may include physicians (including those with extensive experience in adolescent health care), other frontline clinical staff, administrators and managers (particularly within the medical records department), legal counsel, health information technologists, patient and family representatives, and communications/marketing teams. These stakeholders need to understand local regulatory requirements relevant to adolescent confidentiality, as well as the information that is released (or inadvertently shared) currently in order to adequately address any concerning areas during the transition to an EMR system. Thus, examination of current orga-

nizational policies, nonelectronic workflows, and real-world scenarios related to adolescent patients’ interactions and experiences with every part of the health care system must follow. Fortunately, in many cases, ensuring adolescent confidentiality requires modest modifications to clinic staff and clinician workflows. However, in most cases, the hard work of addressing the health care needs of adolescent patients works best when begun before an implementation of a functional EMR. Critical areas to examine include current policy and practices related to the following: 1. Scheduling and registration of adolescent visits; 2. Paper ROI to parents of adolescent patients; 3. Sensitive information on paper-based, after-visit, emergency room, and hospital discharge summaries; 4. Problem list review and medication reconciliation of sensitive medications in clinic and hospital settings; 5. Patient billing, explanations of benefits, and postvisit surveys for confidential adolescent visits or for confidential care given during nonconfidential visits. Once the health care system has adequately addressed these process design issues related to EMR implementation, appropriate training for all staff and clinical personnel about best and expected practices related to adolescent privacy and confidentiality within the system must begin (Table 2). In addition, built-in adolescent privacy-related decision-support tools within the EMR, ongoing staff training opportunities even after initial implementation phase, and continuing quality improvement/quality assurance efforts related to the EMR and adolescent confidentiality are critical to ensuring that all the systems involved in the care of adolescents violate neither the law nor patient trust over the long-term. Enhancing existing EMR implementations For a number of larger institutions that already have EMRs, considerable time and resources are often required to customize their EMR implementations on a case-by-case basis. Initially, a multistakeholder task force of key personnel, including adolescent medicine specialists, can be helpful for initiating the necessary discussions about adolescent confidentiality. Recognizing the impacts of previous design choices— often made without early consideration of adolescent patients’ needs—and the current technical limitations of commercial EMRs, health care systems must err on the side of maintaining adolescent confidentiality and minimizing the risk of inadvertent or inappropriate

Table 3 Considerations for implementing and optimizing current EMRs for adolescent medicine Multistakeholder task force committed to addressing adolescent confidentiality issues within health care system Clear labeling of sensitive information Automatic nonrelease of specific sensitive elements of adolescent patients’ electronic records Linkage of all adolescent patient prescriptions/medication orders with specific diagnosis or problem No billing, after-visit summaries, explanation of benefit, appointment reminders, or follow-up surveys posted to portals or mail for adolescent sensitive services Limited patient portal access for adolescents until more robust EMR privacy functionality

A. Anoshiravani et al. / Journal of Adolescent Health 51 (2012) 409 – 414

release of adolescent patients’ PHI. Highest yield areas of discussion are likely to include the following: 1. Direct clinician and/or health information specialist involvement in most, if not all, ROI requests for adolescent patients until automated processes are developed and proven reliable; 2. Modification of billing practices for all adolescent patients (either no bill or generic description, such as “adolescent health services”); 3. Reviewing the feasibility of patient portal access for adolescent patients and their families, especially for EMRs with limited or no proxy access capabilities (Table 3). For health care systems with the resources to customize their current EMR, having the task force advocate for some key enhancements and “work-arounds” can dramatically reduce inadvertent threats to adolescent patient privacy. First, clear labeling of potentially sensitive sections of adolescent patients’ records (psychosocial history, medications, problem lists, studies) as “confidential” within an EMR screen might go a long way toward minimizing risks of inappropriate clinician sharing of sensitive PHI. This may mean designating a specific background color choice to highlight— or overlaying opaque shading to obscure— confidential text so clinicians can plainly see what not to share. Further, automatic embargo on release of certain sensitive diagnoses, problems, laboratory studies, and medications (and training hospital billing staff to not send related bills) to parents and guardians is critical to prevent inappropriate ROI (either through AVS, patient portals, or through the mail). Such confidential information must simply not appear at all or, eventually when technically feasible, appear only for users the adolescent patient has freely chosen with whom to share. Requiring medication prescriptions to correlate with specific diagnoses, as the Joint Commission has considered in the past, might make this process easier since certain sensitive diagnoses could automatically trigger associated prescriptions to be treated as confidential. Finally, a key consideration when customizing an existing EMR implementation for adolescent medicine involves determining access to patient portal and personal health record accounts. Children’s hospitals that have created patient portals and personal health records with adolescents in mind have had some success with creating an individual account for each patient record in the EMR [23]. Parents who request online access for their nonadolescent child receive full proxy access to their child’s online account. However, once a child reaches the age at which she/he is considered an “adolescent” (and presumably can understand the information), access in most current commercial EMRs becomes complicated. Health care systems must decide whether to: 1. Completely exclude adolescent patients (and their parents) from online access to their medical records until the age of 18 years, especially if the likelihood of inadvertent sharing of confidential information is too high in their current EMR context; 2. Limit access for both the adolescent and parents to only the same functionality (e.g., secure messaging) and nonconfidential health information (“information parity”); 3. Provide adolescents access to their own confidential lab results, medications, and problem lists to the extent that is currently technically feasible, while simultaneously limiting

413

parental proxy access to only nonsensitive information, such as immunizations and historical laboratory results, diagnoses, and medications. Given that some institutions granting online access to adolescent PHI estimate that up to one-half of those accessing with patients’ usernames were actually parents, caution is prudent in this area. 4. Offer full access to parents of adolescents with severe chronic medical conditions, such as cancer or organ transplantation, if institutional processes exist that ensure the adolescent actually consents (in a noncoercive manner) to such sharing. Conclusion Privacy concerns are pervasive in adolescent health care, even in the most seemingly innocuous patient encounters. To date, neither EMR vendors nor many health care systems have adequately addressed the functionality and process design considerations needed to protect the confidentiality of adolescent patients. We propose that both EMR vendors and health care systems assume shared responsibility for creating the needed tools and processes. System vendors must provide key functionality in their products (adolescent privacy default settings, customizable privacy controls, proxy access, and HIE compatibility). To adequately serve adolescent patients, health care systems must elucidate relevant adolescent confidentiality policies and process design issues. These recommendations highlight both the unique needs of this patient population and the collaborative multistakeholder work required for adolescent patients to finally experience the full benefits of participatory health information technology. References [1] Blumenthal D, Tavenner M. The “meaningful use” regulation for electronic health records. N Engl J Med 2010;363:501– 4. [2] Jha AK, DesRoches CM, Kralovec PD, Joshi MS. A progress report on electronic health records in U.S. hospitals. Health Aff (Millwood) 2010;29: 1951–7. [3] Nakamura MM, Ferris TG, DesRoches CM, Jha AK. Electronic health record adoption by children’s hospitals in the United States. Arch Pediatr Adolesc Med 2010;164:1145–51. [4] Committee on Adolescence, American Academy of Pediatrics. Achieving quality health services for adolescents. Pediatrics 2008;121:1263–70. [5] Bourgeois FC, Taylor PL, Emans SJ, et al. Whose personal control? Creating private, personally controlled health records for pediatric and adolescent patients. J Am Med Inform Assoc 2008;15:737– 43. [6] Spooner SA, Council on Clinical Information Technology, American. Academy of Pediatrics. Special requirements of electronic health record systems in pediatrics. Pediatrics 2007;119:631–7. [7] Center for Adolescent Health and the Law. Available at: http://www. cahl.org/. Accessed April 30, 2012. [8] Guttmacher Institute. State policies in brief: An overview of minors’ consent laws; June 1 2012. Available at: http://www.guttmacher.orrg/statecenter/ spibs/spib_OMCL.pdf. [9] Berlan ED, Bravender T. Confidentiality, consent, and caring for the adolescent patient. Curr Opin Pediatr 2009;21:450 – 6. [10] Chira P, Nugent L, Miller K, et al. Living Profiles: Design of a health media platform for teens with special healthcare needs. J Biomed Inform 2010; 43(5 Suppl):S9 –12. [11] McCoy MJ, Diamond AM, Strunk AL, American Congress of Obstetricians and Gynecologists’ Committee on Ambulatory Practice Operations. Special requirements of electronic medical record systems in obstetrics and gynecology. Obstet Gynecol 2010;116:140 –3. [12] Kim GR, Lehmann CU, Council on Clinical Information Technology. Pediatric aspects of inpatient health information technology systems. Pediatrics 2008;122:e1287–96. [13] Tang PC, Ash JS, Bates DW, et al. Personal health records: Definitions, benefits, and strategies for overcoming barriers to adoption. J Am Med Inform Assoc 2006;13:121– 6.

414

A. Anoshiravani et al. / Journal of Adolescent Health 51 (2012) 409 – 414

[14] Detmer D, Bloomrosen M, Raymond B, Tang P. Integrated personal health records: Transformative tools for consumer-centric care. BMC Med Inform Decis Mak 2008;8:45. [15] Mandl KD, Kohane IS. Tectonic shifts in the health information economy. N Engl J Med 2008;358:1732–7. [16] Ford CA, Millstein SG, Halpern-Felsher BL, Irwin CE. Influence of physician confidentiality assurances on adolescents’ willingness to disclose information and seek future health care. A randomized controlled trial. JAMA 1997;278:1029–34. [17] Carlisle J, Shickle D, Cork M, McDonagh A. Concerns over confidentiality may deter adolescents from consulting their doctors. A qualitative exploration. J Med Ethics 2006;32:133–7. [18] Adler-Milstein J, DesRoches CM, Jha AK. Health information exchange among US hospitals. Am J Manag Care 2011;17:761– 8.

[19] Delbanco T, Walker J, Darer JD, et al. Open notes: Doctors and patients signing on. Ann Intern Med 2010;153:121–5. [20] Walker J, Leveille SG, Ngo L, et al. Inviting patients to read their doctors’ notes: Patients and doctors look ahead: Patient and physician surveys. Ann Intern Med 2011;155:811–9. [21] Lehrer JA, Pantell R, Tebb K, Shafer MA. Forgone health care among U.S. adolescents: Associations between risk characteristics and confidentiality concern. J Adolesc Health 2007;40:218 –26. [22] Gaskin GL, Longhurst CA, Anoshiravani A. Internet access and attitudes toward online personal health information among detained youth. Pediatrics. In press. DOI: 10.1542/peds.2012-1653. [23] Halamka JD, Mandl KD, Tang PC. Early experiences with personal health records. J Am Med Inform Assoc 2008;15:1–7.